
Another example of automation or PowerShell + Google Apps Script

Laziness is the engine of progress ...

So, having found some free time, I decided to automate a task that is routine for every admin: creating and disabling users.

1. PowerShell


It all started with a PowerShell script that asked you to enter the user's data at the console. As a result, an AD user was created in the corresponding OU, with the fields filled in.


    Import-Module ActiveDirectory

    # setAdmin, setPcConfig, setPcOwner and sendMail are helper functions not shown on this page.

    function createADUser($name, $lastName, $project, $position, $password, $pc) {
        $office = "Head Office"
        $path = "OU=Users,DC=corp,DC=mydomain,DC=com"
        $login = "$name.$lastName".ToLower()

        # Place the user in the project's OU when a project is given.
        if ($project -ne "") { $path = "OU=$project,$path" }
        # Fallback when no password is supplied. A fixed default is guessable, so a unique
        # password per record is safer; the account must change it at first logon (see below).
        if ($password -eq "") { $password = "12345678" }
        $securePassword = ConvertTo-SecureString -String $password -AsPlainText -Force

        $newUser = @{
            Name              = "$name $lastName"
            DisplayName       = "$name $lastName"
            GivenName         = $name
            Surname           = $lastName
            SamAccountName    = $login
            UserPrincipalName = "$login@corp.mydomain.com"
            Path              = $path
            Enabled           = $true
            AccountPassword   = $securePassword
        }
        New-ADUser @newUser
        Set-ADUser -Identity $login -Department $project -Title $position -Office $office -ChangePasswordAtLogon $true -EmailAddress "$login@mydomain.com"
        Set-ADAccountPassword -Identity $login -NewPassword $securePassword
        Add-ADGroupMember -Identity GroupName -Members $login

        # When a computer is assigned, record it on the account and configure the machine.
        if ($pc -ne "") {
            Set-ADUser -Identity $login -Description $pc.ToUpper()
            setAdmin $pc $login
            setPcConfig $pc
            setPcOwner $pc $login
        }
        sendMail "$login has been created"
    }

    function disableAdUser($user) {
        $userObj = Get-ADUser -Identity $user
        Set-ADUser -Identity $user -Enabled $false
        # Disabled accounts are moved to a separate OU.
        Move-ADObject -Identity $userObj -TargetPath "OU=Fired_users,OU=Users,DC=corp,DC=mydomain,DC=com"
        sendMail "$user has been disabled"
    }

    # Process every request file on the share.
    # Fields: action;name;lastName;password;project;position;pc
    $files = Get-ChildItem -LiteralPath '\\server\users$' -Filter *.txt -File
    foreach ($file in $files) {
        $text = Get-Content -Path $file.FullName
        $data = $text.Split(";")
        $action   = $data[0]
        $name     = $data[1]
        $lastName = $data[2]
        $password = $data[3]
        $project  = $data[4]
        $position = $data[5]
        $pc       = $data[6]

        if ($action -eq "Add") {
            createADUser $name $lastName $project $position $password $pc
        } elseif ($action -eq "Suspend") {
            disableAdUser ("$name.$lastName")
        }
        # The request file is deleted once it has been handled.
        $file.Delete()
    }


2. Google Apps Script


The next step is creating a mailbox, which in my case is hosted on Gmail. Thanks to this, you can use the wonderful Apps Script service, which is based on JavaScript. The abundance of documentation and a little programming experience helped me deal with this matter. Here we carry over the same functions in the same way, and the account is created.

With the same tool, we rework the Welcome-letter template, replacing %username% and the other placeholders with real data, and send the PDF to HR, the boss, the new user and, of course, to yourself.

    function createUser(name, lastName, gender, groups, password, title, department) {
        // email(), makeWelcome() and addMember() are helper functions not shown on this page.
        var userMail = email((name + "." + lastName).toLowerCase());
        var admin = email("admin");
        var recipients = admin + "," + email("hr") + "," + email("boss");
        var subject = "Welcome! " + name + " " + lastName + " - " + title;
        var body = "Welcome to the jungle";
        var attachment = makeWelcome(name, lastName, password); // welcome letter built from the template

        // User resource for the Admin SDK Directory service.
        var resource = {
            "name": {
                "familyName": lastName,
                "givenName": name
            },
            "password": password,
            "primaryEmail": userMail,
            "changePasswordAtNextLogin": true,
            "organizations": [{
                "title": title,
                "department": department
            }],
            "gender": {
                "type": gender
            }
        };
        AdminDirectory.Users.insert(resource);
        Logger.log(userMail + "'S BEEN CREATED");

        // Add the new account to each requested group.
        for (var i = 0; i < groups.length; i++) {
            addMember(groups[i], userMail);
        }

        var options = {
            "attachments": [attachment],
            "name": "Sysadmin"
        };
        // One copy goes to admin, HR and the boss, another to the new user.
        MailApp.sendEmail(recipients, subject, body, options);
        MailApp.sendEmail(userMail, "Welcome!", body, options);
    }

3. UI, automation


Of course, entering data in two consoles is not the result I wanted. So a Google Form was created for the data, and the scripts were added to the scheduler to repeat every 5 minutes.


After the Google script has run, the data is transferred to the local network as a text file via Backup and Sync (GDrive). This is where PowerShell takes over: it parses the file and creates the AD user. Now it's beautiful!
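The text file crosses a trust boundary: whatever can write to the synced folder or the share decides what the privileged PowerShell job does, and the `project` field is concatenated straight into the OU path. The following validator for one record in the page's field order is an added example, not the author's code; the function name `ConvertFrom-UserRecord`, the `$AllowedProjects` list, the character rules and the 12-character password minimum are assumptions.

```powershell
# Added example: validate one drop-file record before any AD cmdlet sees it.
# Field order follows the page's script: Action;Name;LastName;Password;Project;Position;PC
$AllowedProjects = @('', 'ProjectA', 'ProjectB')   # assumed allowlist of existing project OUs

function ConvertFrom-UserRecord {                   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Line)

    $fields = $Line.Trim().Split(';')
    if ($fields.Count -ne 7) { throw "expected 7 fields, got $($fields.Count)" }
    $action, $name, $lastName, $password, $project, $position, $pc = $fields

    if ($action -notin @('Add', 'Suspend')) { throw "unknown action '$action'" }
    # Name parts end up in sAMAccountName, UPN and the mail address.
    foreach ($part in $name, $lastName) {
        if ($part -notmatch '^[A-Za-z][A-Za-z-]{0,30}$') { throw "invalid name part '$part'" }
    }
    $login = "$name.$lastName".ToLower()
    if ($login.Length -gt 20) { throw "login '$login' exceeds the 20-character sAMAccountName limit" }
    # Project is concatenated into the OU path, so accept only known OU names.
    if ($project -notin $AllowedProjects) { throw "unknown project '$project'" }
    if ($position -notmatch '^[\w .&/-]{0,64}$') { throw "invalid position '$position'" }
    if ($pc -and ($pc -notmatch '^[A-Za-z0-9-]{1,15}$')) { throw "invalid computer name '$pc'" }
    # Refuse to create an account without a usable password instead of using a fixed default.
    # The 12-character minimum is an assumed policy value.
    if ($action -eq 'Add' -and $password.Length -lt 12) { throw 'password missing or too short' }

    [pscustomobject]@{
        Action = $action; Login = $login; Name = $name; LastName = $lastName
        Password = $password; Project = $project; Position = $position; PC = $pc.ToUpper()
    }
}

# Constructed sample records, not real data.
$samples = @(
    'Add;John;Doe;c0nstructed-Sample-pw;ProjectA;Engineer;pc-0042',
    'Add;Eve;Smith;c0nstructed-Sample-pw;ProjectA,OU=Elsewhere;Engineer;',
    'Suspend;John;Doe;;;;',
    'Add;Ann;Lee;;ProjectB;Analyst;'
)
foreach ($s in $samples) {
    try   { $r = ConvertFrom-UserRecord -Line $s; "ACCEPT $($r.Action) $($r.Login)" }
    catch { "REJECT $($_.Exception.Message)" }
}
```

In the main loop, a record that throws would be skipped and reported before `createADUser` or `disableAdUser` is called.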

Source: https://habr.com/ru/post/353028/

